Crowdstrike outage

HomerJ

Prolific Poster
came across this







 

SpyderTracks

We love you Ukraine
We were so lucky, our clients weren’t affected, or at least not before I signed off, and I’ve got a week off now during the fallout.

I hope the NHS can get back up quickly, it won’t be affecting their embedded systems on scanners and things as those will be legacy ME or XP OSes, but nurses will be having to take hand notes for a few days and it just adds to their already high workload.
 

HomerJ

Prolific Poster
and I’ve got a week off now during the fallout.

Peace out mo-fos! : r/memes
 

HomerJ

Prolific Poster

Earlier today, it issued a flawed update that effectively crippled millions of Windows PCs in countries all over the globe. The affected systems are unable to restart properly and simply display an error screen known as the blue screen of death.

The fault has been found and a fix has been issued, but early indications are that it will require each affected PC to be fixed manually, which could be a very slow process, given that large businesses often have tens of thousands of computers in different locations and that many employees now work from home.
 

SpyderTracks

We love you Ukraine
@SpyderTracks

does this sound possible?

From a theoretical standpoint, it was a driver update that is essentially an OS level network scanner to enable early detection of intrusions that had a buggy update.

He is right, from our standpoint, you could get into advanced recovery from a BSOD Windows and theoretically guide an end user through rolling back the OS to a version before the update was applied, but that’s IF you have system restore enabled which a lot of corporate machines won’t do these days if they’re Intune managed.

The BSOD is preventing them booting into Windows, so they can’t get any remote access by IT as the remote tools run in Windows, similarly, Intune won’t be able to send an autopilot reset command through as that’s picked up in Windows itself also.

So yeah, I’d agree with him, it’s the after effect getting people back booting that’s the headache.

This has been a hole in remote solutions with Windows for a long time now, and is ever more important since the pandemic pushed more users remote. We need remote commands to be receivable outside of the OS at some intermediate stage IMHO, you don’t want it at BIOS level because that’s too much of a security risk, almost like having a UEFI type micro OS in the boot manager partition that could be remotely triggered by Intune.

It’s outages like this that tend to lead to new solutions coming about, we need to get the partition structure updated for how remote management now is imho.
 

TonyCarter

VALUED CONTRIBUTOR
Our company were affected, but it seems we escaped the worst of it as most people were still sleeping when the update rolled out, and our IT team delayed the update for all other machines, so you didn't get locked out on first boot.

The problem would have been much worse for us had they not done this mitigation as Bitlocker is enabled by default and we can't do anything 'serious' to the machine without an admin password...which is difficult if you can't even boot the computer to access the online helpdesk, and with even more people WFH than normal as it's a Friday.
 

AccidentalDenz

Lord of Steam
With me being off this week, I'm not going near my work laptop until the last possible moment (probably Sunday evening!) to double check when I'm in the office next week to lessen any chance of being caught up in all this
 

HomerJ

Prolific Poster
The truth is after the Steam Sale, Denz needed some extra juice to power the gaming system, so I'm going around to ride a pedalo for a week to generate some emergency gaming power.


can't say I'm not surprised, Denz powered up his rig the other day and the light went out in my fridge, better start pedalling as Homer can't see snacks
 

AccidentalDenz

Lord of Steam
I do have to wonder if it was just one person who pushed out the update which broke everything, or if it was a perfect storm of a few different issues all colliding at once which took everything down. I've seen a few discussions on Twitter along those lines and there doesn't seem to be a consensus - I am aware that Twitter might not be the most reliable for answers of this particular nature, but it is entertaining trying to figure it out on there!
 